Adds occurrence evidence for poetry projects (#1303)

* Adds occurrence evidence for poetry projects Signed-off-by: Prabhu Subramanian <[email protected]> * Fix tests Signed-off-by: Prabhu Subramanian <[email protected]> --------- Signed-off-by: Prabhu Subramanian <[email protected]>
CycloneDX · Aug 9, 2024 · f9a42d7 · f9a42d7
1 parent 0f03d02
commit f9a42d7
Show file tree

Hide file tree

Showing 11 changed files with 89 additions and 49 deletions.
diff --git a/contrib/rebuild-sqlite3.sh b/contrib/rebuild-sqlite3.sh
@@ -1,14 +1,7 @@
 #!/usr/bin/env bash
 
-npm install --ignore-scripts
-cd node_modules/sqlite3
-CFLAGS="${CFLAGS:-} -include ../src/gcc-preinclude.h"
-CXXFLAGS="${CXXFLAGS:-} -include ../src/gcc-preinclude.h"
-npx node-pre-gyp configure
-npx node-pre-gyp build
-
-if case $VARIANT in "alpine"*) false;; *) true;; esac; then ldd lib/binding/*/node_sqlite3.node; nm lib/binding/*/node_sqlite3.node | grep \"GLIBC_\" | c++filt || true ; fi
-
-npx node-pre-gyp package
-cd ../../
+pnpm install --ignore-scripts
+cd node_modules/.pnpm/[email protected]/node_modules/sqlite3
+pnpm install
+cd ../../../../../
 node -e 'require("sqlite3")' 
diff --git a/evinser.js b/evinser.js
@@ -658,7 +658,7 @@ export const parseSliceUsages = async (
     if (purlImportsMap && Object.keys(purlImportsMap).length) {
       for (const apurl of Object.keys(purlImportsMap)) {
         const apurlImports = purlImportsMap[apurl];
-        if (language === "php") {
+        if (["php", "python"].includes(language)) {
           for (const aimp of apurlImports) {
             if (atype.startsWith(aimp)) {
               if (!purlLocationMap[apurl]) {

diff --git a/index.js b/index.js
@@ -136,6 +136,7 @@ import {
   parseSwiftResolved,
   parseYarnLock,
   readZipEntry,
+  recomputeScope,
   splitOutputByGradleProjects,
 } from "./utils.js";
 let url = import.meta.url;
@@ -2835,13 +2836,6 @@ export async function createPythonBom(path, options) {
       dependencies.splice(0, 0, pdependencies);
     }
     options.parentComponent = parentComponent;
-    return buildBomNSData(options, pkgList, "pypi", {
-      src: path,
-      filename: poetryFiles.join(", "),
-      dependencies,
-      parentComponent,
-      formulationList,
-    });
   } // poetryMode
   if (metadataFiles?.length) {
     // dist-info directories
@@ -2956,13 +2950,13 @@ export async function createPythonBom(path, options) {
     }
   }
   // Use atom in requirements, setup.py and pyproject.toml mode
-  if (requirementsMode || setupPyMode || pyProjectMode) {
+  if (requirementsMode || setupPyMode || pyProjectMode || options.deep) {
     /**
      * The order of preference is pyproject.toml (newer) and then setup.py
      */
     if (options.installDeps) {
       let pkgMap = undefined;
-      if (pyProjectMode) {
+      if (pyProjectMode && !poetryMode) {
         pkgMap = getPipFrozenTree(
           path,
           pyProjectFile,
@@ -2971,7 +2965,7 @@ export async function createPythonBom(path, options) {
         );
       } else if (setupPyMode) {
         pkgMap = getPipFrozenTree(path, setupPy, tempDir, parentComponent);
-      } else {
+      } else if (!poetryMode) {
         pkgMap = getPipFrozenTree(path, undefined, tempDir, parentComponent);
       }
 
@@ -2993,6 +2987,7 @@ export async function createPythonBom(path, options) {
           });
           for (const apkg of pkgList) {
             if (iSymbolsMap[apkg.name]) {
+              apkg.scope = "required";
               apkg.properties = apkg.properties || [];
               apkg.properties.push({
                 name: "ImportedModules",
@@ -3030,30 +3025,31 @@ export async function createPythonBom(path, options) {
         }
       }
       // ATOM parsedeps block
-
-      // Complete the dependency tree by making parent component depend on the first level
-      for (const p of pkgMap.rootList) {
-        if (
-          parentComponent &&
-          p.name === parentComponent.name &&
-          (p.version === parentComponent.version || p.version === "latest")
-        ) {
-          continue;
+      if (pkgMap) {
+        // Complete the dependency tree by making parent component depend on the first level
+        for (const p of pkgMap.rootList) {
+          if (
+            parentComponent &&
+            p.name === parentComponent.name &&
+            (p.version === parentComponent.version || p.version === "latest")
+          ) {
+            continue;
+          }
+          parentDependsOn.add(`pkg:pypi/${p.name.toLowerCase()}@${p.version}`);
+        }
+        if (pkgMap?.pkgList?.length) {
+          pkgList = pkgList.concat(pkgMap.pkgList);
+        }
+        if (pkgMap?.formulationList?.length) {
+          formulationList = formulationList.concat(pkgMap.formulationList);
+        }
+        if (pkgMap?.dependenciesList) {
+          dependencies = mergeDependencies(
+            dependencies,
+            pkgMap.dependenciesList,
+            parentComponent,
+          );
         }
-        parentDependsOn.add(`pkg:pypi/${p.name.toLowerCase()}@${p.version}`);
-      }
-      if (pkgMap.pkgList?.length) {
-        pkgList = pkgList.concat(pkgMap.pkgList);
-      }
-      if (pkgMap.formulationList?.length) {
-        formulationList = formulationList.concat(pkgMap.formulationList);
-      }
-      if (pkgMap.dependenciesList) {
-        dependencies = mergeDependencies(
-          dependencies,
-          pkgMap.dependenciesList,
-          parentComponent,
-        );
       }
       let parentPresent = false;
       for (const d of dependencies) {
@@ -3125,6 +3121,8 @@ export async function createPythonBom(path, options) {
   if (tempDir?.startsWith(tmpdir()) && rmSync) {
     rmSync(tempDir, { recursive: true, force: true });
   }
+  // Re-compute the component scope
+  pkgList = recomputeScope(pkgList, dependencies);
   if (FETCH_LICENSE) {
     pkgList = await getPyMetadata(pkgList, false);
   }

diff --git a/postgen.js b/postgen.js
@@ -1,6 +1,7 @@
 import { existsSync, readFileSync, rmSync } from "node:fs";
 import { tmpdir } from "node:os";
 import { join } from "node:path";
+import process from "node:process";
 import { PackageURL } from "packageurl-js";
 import { dirNameStr } from "./utils.js";
 

diff --git a/types/evinser.d.ts.map b/types/evinser.d.ts.map
diff --git a/types/index.d.ts.map b/types/index.d.ts.map
diff --git a/types/postgen.d.ts.map b/types/postgen.d.ts.map
diff --git a/types/utils.d.ts b/types/utils.d.ts
@@ -1226,6 +1226,15 @@ export function isValidIriReference(iri: string): boolean;
  * @returns {Boolean} True if the dependency tree lacks any non-root parents without children. False otherwise.
  */
 export function isPartialTree(dependencies: any[]): boolean;
+/**
+ * Re-compute and set the scope based on the dependency tree
+ *
+ * @param {Array} pkgList List of components
+ * @param {Array} dependencies List of dependencies
+ *
+ * @returns {Array} Updated list
+ */
+export function recomputeScope(pkgList: any[], dependencies: any[]): any[];
 export const dirNameStr: string;
 export const isWin: boolean;
 export const isMac: boolean;